CVE-2010-0727
PUBLISHED
CVSS 4.9 MEDIUM
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, do not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
EPSS 0.08% · 23.9th percentile
Risk Scores
CVSS 2.0
4.9
EPSS Score
0.08%
23.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 0 |
| redhat | enterprise_linux | 5.0, 6.0 |
| debian | debian_linux | 5.0 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2010/03/12/1 (nist-nvd)
- https://bugzilla.redhat.com/show_bug.cgi?id=570863 (nist-nvd)
- RHSA-2010:0330 (circl)
- RHSA-2010:0380 (circl)
- [linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking (circl)
- oval:org.mitre.oval:def:11392 (circl)
- 1023809 (circl)
- MDVSA-2010:066 (circl)
- http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 (circl)
- DSA-2053 (circl)
Timeline
- Mar 16, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- RHSA-2010:0330 vendor-advisory
- [oss-security] 20100312 CVE-2010-0727 kernel: gfs/gfs2 locking code DoS flaw mailing-list
- RHSA-2010:0380 vendor-advisory
- [linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking mailing-list
- oval:org.mitre.oval:def:11392 vdb
- 1023809 vdb
- MDVSA-2010:066 vendor-advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 url
- DSA-2053 vendor-advisory
- RHSA-2010:0521 vendor-advisory
- 39830 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=570863 url
- https://nvd.nist.gov/vuln/detail/CVE-2010-0727 advisory